Security: don't print provided HTTP header value as part of help info #1297
Labels
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
Printing the actual provided HTTP request header is not needed to help the user. But it does add an information leak in logs. I think that a custom header in most applications of Lychee in practice, would contain sensitive values.
Actual behavior
Desired behavior
The text was updated successfully, but these errors were encountered: